Going to the Edge With WLANs

To enhance centralized WLAN management, high-density wireless Ethernet switches keep intelligence at the edge of a wireless network rather than in the access points.

Banking on the premise that wireless LANs will become as prevalent in the enterprise as wired networks, several vendors are developing high-density wireless Ethernet switches and sophisticated management software that keep intelligence at the edge of a wireless network rather than in the access points.

Silicon Valley startups Aruba Wireless Networks Inc., Black Storm Networks Inc. and Trapeze Networks Inc.—along with veteran Symbol Technologies Inc.—are focusing on next-generation wireless switches that enhance centralized WLAN management.

Aruba, of San Jose, Calif., this week will come out of stealth mode to announce its WLAN switching system, code-named Mother Ship, which isolates users traffic. It also authenticates each user over each switched connection, using one of several standard encryption schemes. Once authenticated, the switch, which sits at the edge of the network in a wiring closet, applies user-specific firewall policies.

"We started looking at Aruba when we needed to manage an enterprisewide wireless LAN in the [same] way we manage a wired LAN," said Neil Buckley, manager of network security at Partners HealthCare System Inc., in Boston.

Buckley said dealing with security has been the largest headache in his WLAN implementation. He plans to start beta testing the Aruba system next month. "We had been looking at combination firewalls and VPN [virtual private network] devices, but that quickly became unmanageable," he said. "Aruba takes the firewall, the VPN and the [intrusion detection system] and rolls them into a single device."

The monitoring software in the Mother Ship system performs an automated site survey initially and then balances traffic on the fly when the network is operating. The system works with most standard access points, but users with Aruba access points gain added features such as remote reconfiguration to extend coverage if another access point fails.

Aruba also uses Power over Ethernet, allowing installation with a single Category 5 Ethernet cable that carries power and data to each device. The Aruba products will go into beta tests this month and should be available by the middle of the year, officials said. Pricing has not yet been determined.

Two other well-funded startups, Black Storm, also of San Jose, and Trapeze, of Pleasanton, Calif., are focusing on centrally controlled WLANs and will be delivering switching systems within the year, said sources close to both companies. Officials declined to give details.

Meanwhile, Symbol, of San Jose, has plans to beef up its Mobius product line. Launched last year, Mobius comprises a wireless switch with two trunk ports that sits in the middle of a network and attaches to an existing Ethernet switch from a third-party vendor, such as 3Com Corp. or Cisco Systems Inc. It supports from six to 24 Mobius "access ports." Officials said that Symbol plans to launch a higher-port-density switch, which can sit on the edge of a large network, by the end of the year.

Beyond security, a main goal with a switch-managed WLAN is to make it easier to update a network.

"Its easier to upgrade one switch than 30 access points," said Sean OConnor, manager of network operations at Worcester Polytechnic Institute, in Worcester Mass., which is installing a Mobius network.

Even so, Cisco, of San Jose, plans to keep the security and management features in its access points despite the added cost. The company plans to keep adding wireless intelligence into its Ethernet switches, but officials said there are no plans for a "dumb access point" from Cisco.